<?php
/*************************************************************************************
 *
 *	FileName: /edp/module/login/header_php.php
 *	Desc    : Login page
 *	Author  : Seal
 *	Date    : 2009-10-27
 *
 *************************************************************************************/
require_once( ROOT_DIR."config.inc.php" );
//require_once( ROOT_DIR."uc_client/client.php" );

$errmsg = GetMessageStack();
if(isset($_GET['redir']))
	$redirect=trim($_GET['redir']);
else 
	$redirect='';
	
if(isset($_POST['username']))
	$username = trim($_POST['username']);
else
	$username = '';
	
if(isset($_POST['pass']))
	$password = trim($_POST['pass']);
else 
	$username = '';
	
function ProcessLogin() 
{
	global $errmsg, $username, $password;

	
	if( edp_is_empty_string($username) || strlen($username)>'30')
		$errmsg->add( 'login', '无效的登陆用户名！' );

	if( edp_is_empty_string($password)||strlen($password)<'5'||strlen($password)>'20' )
		$errmsg->add( 'login', '无效的登陆密码！' );

	if( $errmsg->size('login') > 0 )
			return false;

	$username = edp_db_input( $username );
	$userDao = GetUserDAO();
	
	$id = 0;
	$nick = '';
	
	/**********************************************************
	 *
	 *	Very important. Must catch any exception in the login
	 *	so that there is no any security risk.
	 *	
	 *	Modified by seal 2/28/2010 
	 *
	 **********************************************************/
	try
	{
		$res=$userDao->IsUserValidation( $username, md5($password), $id, $nick );
		if( $res=='-1' ) 
		{
			$errmsg->add( 'login', '登陆用户名或登陆密码错误！' );
			return false;
		}
		elseif($res=='0')
		{
			$errmsg->add( 'login', '您的账户由于非法行为而被管理员禁止登陆！' );
			return false;
		}
        elseif($res == '2'){
            $url = edp_href_link( PAGENAME_SENDACTIVATION_MAIL );
            $errmsg->add( 'login', '您的账户还没有被激活！点击<a href="'.$url.'"><strong>这里</strong></a>重新发送激活邮件' );
            edp_setsession( "register_userid", $id );
            edp_setsession( "register_password", $password );

			return false;
        }
		
		//if( trim($_POST['login_cookie']) != '' ) 
		
		// always save the info into the cookies
		LoginAsUser($id, $nick, true);
		//else 
		//	LoginAsUser($id, $nick, false);
		
	//	$eventDispatcher = GetEventDispatcher();
	//	$eventDispatcher->Notify( $id, LOGIN ); remove by bo @10.26
		
		$userDao->ModifyLastLogin($id);
                $userDao->RecordUserLoginEvent( $id );

		//call ucenter api to login to other system
//		list($id, $username, $password, $email) = uc_user_login( $nick, $password );
//		if($id > 0) {
//			$ucsynlogin = uc_user_synlogin($id);
//			echo $ucsynlogin;
//		}
//		else{
//			//echo "登陆其它系统失败";
//		}

		TransferTo( 'login_success' );
		return true;
		
	}
	catch( Exception $e )
	{
		$errmsg->add( 'login', '登陆过程有错误，请重试！' );
		return false;
	}
}

	/**********************************************************
	 * to use function instead of directly process because
	 * it's convinient to break out from the deep nested statement
	 * from the function
	 **********************************************************/

//Whether login
$id=GetLoginUserID();
if($id)
{
	// for ajax login
	if( isset($_GET['tiny']) ){
		echo "0";
		edp_exit();
	}

	TransferTo( 'is_login' );
}

//Process the login request
if(isset($_POST['action']))
{
	$action=trim($_POST['action']);
	
	if($action=='login') {
		
		$result = ProcessLogin();
		
		if( isset($_GET['tiny']) ){
			
			if( $result == false )
				echo_validation_message("login");
			else
				echo "0";
				
			edp_exit();
		}
	}
		
}
?>
